I thought my find_admins command just looked for any IAM privileges that aren't Get, List, or Describe. This is not the case. I think the list of privs I am using could miss some things. Some privs such as DeleteAccessKey wouldn't be useful, but I still should do something smarter here than use this list I think. Also need to consider some things like sts:AssumeRole and possibly others? Need to think more on this.
https://github.com/duo-labs/cloudmapper/blob/main/shared/iam_audit.py#L161
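One way to express the verb-based rule discussed in this issue, as an added example (not CloudMapper's code): flag any allowed `iam:` action whose name does not start with Get, List, or Describe, plus `sts:AssumeRole`. The names `KNOWN_IAM_ACTIONS`, `is_sensitive`, and `sensitive_actions` are hypothetical, the action catalogue is a small constructed sample used to expand wildcards offline, and `NotAction`, `Resource`, and `Condition` are not evaluated.

```python
import fnmatch

READ_ONLY_PREFIXES = ("Get", "List", "Describe")
# Assumption: the only non-IAM action treated as sensitive is the one the issue names.
EXTRA_SENSITIVE = {"sts:assumerole"}
# Constructed sample catalogue; a real audit would load the full IAM action list.
KNOWN_IAM_ACTIONS = [
    "iam:GetUser", "iam:ListRoles", "iam:CreateAccessKey", "iam:DeleteAccessKey",
    "iam:PutRolePolicy", "iam:AttachUserPolicy", "iam:PassRole",
]
CANDIDATES = KNOWN_IAM_ACTIONS + ["sts:AssumeRole"]


def _as_list(value):
    """IAM policy JSON allows a single item or a list in most fields."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def is_sensitive(action):
    """True for iam: actions that are not Get/List/Describe, and for sts:AssumeRole."""
    service, _, name = action.partition(":")
    if action.lower() in EXTRA_SENSITIVE:
        return True
    return service.lower() == "iam" and not name.startswith(READ_ONLY_PREFIXES)


def sensitive_actions(policy):
    """Return the sorted sensitive actions granted by the Allow statements of a policy."""
    found = set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements grant nothing
        for pattern in _as_list(stmt.get("Action")):
            for action in CANDIDATES:
                # IAM action matching is case-insensitive and supports * and ? wildcards.
                if fnmatch.fnmatchcase(action.lower(), pattern.lower()) and is_sensitive(action):
                    found.add(action)
    return sorted(found)


# Constructed sample policy.
SAMPLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["iam:Get*", "iam:Put*", "sts:AssumeRole"], "Resource": "*"},
    {"Effect": "Deny", "Action": "iam:CreateAccessKey", "Resource": "*"},
]}

if __name__ == "__main__":
    print(sensitive_actions(SAMPLE))
```

The verb rule also flags `iam:DeleteAccessKey`, which the issue notes would not be useful, so it over-reports where a fixed list can under-report.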